Basic information
Project name: zilliztech/GPTCache
Repository URL: https://github.com/pterodactyl/panel
Scan report URL: https://www.murphysec.com/console/report/1720402654600933376/1720402654676430848
This report is provided by Murphysec
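Vulnerability list
| Vulnerability name | Vulnerability type | MPS ID | CVE ID | Severity |
|---|---|---|---|---|
| loguru code injection vulnerability | Code injection | MPS-2022-1393 | CVE-2022-0329 | Critical |
| grpc allocation of resources without limits or throttling vulnerability | Excessive iteration | MPS-7ht6-lm4j | CVE-2023-33953 | High |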
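Vulnerable components
| Component name | Version | Minimum fixed version | Dependency relationship | Fix recommendation |
|---|---|---|---|---|
| loguru | 0.5.3 | | Indirect dependency | Fix recommended |
| grpcio | 1.53.0 | 1.53.2 | Indirect dependency | Fix optional |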
License risk
| License type | Related components | License risk |
|---|---|---|
| Apache-2.0 | 4 | Low |
| MIT | 11 | Low |
| Custom license | 2 | Low |
| MPL-2.0 | 3 | Low |
| BSD-3-Clause | 1 | Low |
SBOM list
| Component name | Component version | Direct dependency? | Repository |
|---|---|---|---|
| AutoConfig | | Indirect dependency | pip |
| VectorBase | | Indirect dependency | pip |
| coverage | 7.2.3 | Indirect dependency | pip |
| FileSystemLoader | | Indirect dependency | pip |
| BufferedReader | | Indirect dependency | pip |
| get_data_manager | | Indirect dependency | pip |
| import_paddle | | Indirect dependency | pip |
| DataType | | Indirect dependency | pip |
| abstractmethod | | Indirect dependency | pip |
| Cache | | Indirect dependency | pip |
| BytesIO | | Indirect dependency | pip |
| pytest | 7.2.0 | Indirect dependency | pip |
| pytest-timeout | 1.3.3 | Indirect dependency | pip |
| pytest-cov | 4.1.0 | Indirect dependency | pip |
| Timm | | Indirect dependency | pip |
| AsyncGenerator | | Indirect dependency | pip |
| pytest-sugar | 0.9.5 | Indirect dependency | pip |
| AsyncMock | | Indirect dependency | pip |
| List | | Indirect dependency | pip |
| Any | | Indirect dependency | pip |
| Answer | | Indirect dependency | pip |
| transformers | 4.29.2 | Indirect dependency | pip |
| pytest-assume | 2.4.3 | Indirect dependency | pip |
| ABCMeta | | Indirect dependency | pip |
| RwkvModel | | Indirect dependency | pip |
| cache | | Indirect dependency | pip |
| pytest-repeat | 0.8.0 | Indirect dependency | pip |
| pyqt5 | 5.13 | Indirect dependency | pip |
| LLMChain | | Indirect dependency | pip |
| loguru | 0.5.3 | Indirect dependency | pip |
| urllib3 | 2.0 | Indirect dependency | pip |
| protobuf | 3.20.0 | Indirect dependency | pip |
| Union | | Indirect dependency | pip |
| CacheStorage | | Indirect dependency | pip |
| import_torch | | Indirect dependency | pip |
| _construct_resp_from_cache | | Indirect dependency | pip |
| import_huggingface | | Indirect dependency | pip |
| StabilityInference | | Indirect dependency | pip |
| patch | | Indirect dependency | pip |
| pymilvus | 2.2.8 | Indirect dependency | pip |
| CacheData | | Indirect dependency | pip |
| VectorData | | Indirect dependency | pip |
| generation | | Indirect dependency | pip |
| Callable | | Indirect dependency | pip |
| manager_factory | | Indirect dependency | pip |
| Config | | Indirect dependency | pip |
| pytest-xdist | 2.5.0 | Indirect dependency | pip |
| gptcache | | Indirect dependency | pip |
| Environment | | Indirect dependency | pip |
| m2r2 | | Indirect dependency | pip |
| MagicMock | | Indirect dependency | pip |
| Onnx | | Indirect dependency | pip |
| Optional | | Indirect dependency | pip |
| pyqtwebengine | 5.13 | Indirect dependency | pip |
| milvus | 2.2.8 | Indirect dependency | pip |
| PromptTemplate | | Indirect dependency | pip |
| anyio | 3.6.2 | Indirect dependency | pip |
| typing_extensions | 4.6.0 | Indirect dependency | pip |
| CacheBase | | Indirect dependency | pip |
| import_timm | | Indirect dependency | pip |
| pytest-html | 3.1.1 | Indirect dependency | pip |
| Dict | | Indirect dependency | pip |
| pytest-loguru | 0.2.0 | Indirect dependency | pip |
| Question | | Indirect dependency | pip |
| grpcio | 1.53.0 | Indirect dependency | pip |
| pytest-level | 0.1.1 | Indirect dependency | pip |
| import_paddlenlp | | Indirect dependency | pip |
| AutoTokenizer | | Indirect dependency | pip |
| pytest-rerunfailures | 9.1.1 | Indirect dependency | pip |